Using SMTP to Office 365 from Google Cloud Engine

2
votes

I just hit a major block in a planned migration from Azure to GCP/GCE. GCP does not allow egress of SMTP on port 587. I double checked and their support confirmed this. The upshot is that I can't use the SMTP server in Office 365 from my GCEs as the requirement for SMTP when using O365 is port 587 at smtp.office365.com. Bizarrely, (and somewhat contradicting the supposed reason for this block) port 2525 is open for SMTP traffic. Oh, and of course port 587 is open if you use Google for email!!

Has anyone found a way around this, perhaps by getting SMTP out on 2525 and back to O365 on port 587 - but I assume that needs a server outside of GCP - defeating the whole object of the exercise!!

I have a workaround by using a third-party email service open on 2525 (AuthSMTP), but this adds cost and more importantly means I wouldn't have a single source of email for audit purposes within O365.

3
smtpgoogle-cloud-platformoffice365google-compute-engine
How did you go with this? I have the exact same stumbling block migrating from AWS.. Google needs to sort this out. I am looking at Mailgun etc but really I can understand blocking raw outgoing mail but not authenticated SSL SMTP out.. damn - Adamz
I had a subscription to AuthSMTP who accept email on 2525 - this worked from GCP. But I had to modify code to add the disclaimer normally added by O365. AuthSMTP will "duplicate" the mail back to O365 - so I think I have a "complete" solution, albeit at a cost. I am still in dialogue with Google support. Also found dnsmadeeasy.com but haven't tried yet. This looks like it will accept on 2525 and forward to 587 at O365. - Nick Wallbridge
Thanks, I ended up using Mailgun. Using their HTTP API, works great and it is free for under 3000 messages per day. I mostly need this just for formmail. - Adamz

3 Answers

2
votes

UPDATE August 2018: As stated in the comment by Scott van Woudenberg(Google) on the page in G Piper's response, this feature is supported since August 2018 for ports 587 and 465:

Hello again everyone,

Following up on Paul Nash’s recent update, we (the entire Compute Engine PM team) are very happy to say that this change is now in production. In other words, Compute Engine customers can now connect to external SMTP servers and services using ports 465 and 587.

We appreciate all of the votes and feedback our community has provided around this issue. If you encounter issues with this functionality, please submit bug reports using our external issue tracker.

SOURCE: https://googlecloudplatform.uservoice.com/forums/302595-compute-engine/suggestions/10079937-send-and-receive-email-using-tcp-smtp-imap-ports

1
votes

Please vote here to get Google's SMTP ports opened up: https://googlecloudplatform.uservoice.com/forums/302595-compute-engine/suggestions/10079937-send-and-receive-email-using-tcp-smtp-imap-ports

Until they open all the SMTP ports, there will be no good/easy way to send email from their cloud servers. Sendgrid and the other SMTP services are too expensive or lack many features that are needed. This rule they have is unsustainable for a server-service.

0
votes

I actually ran into the same problem and for a month or two I didn't know what to do. Anyways, the not very neat solution that I found was using Microsoft Flow to send the email. I basically set up a flow to receive a POST request containing body, subject, recipients and a key, then told it to validate whether the key is valid (simple equal to condition) just to make sure no one package sniffed my traffic and found the URL (the request is over https so the eky cannot be sniffed). After this, I told it to send email in the "Yes" part of the condition and to send notification on bad auth on the "No" part. That's it. The outgoing port which isn't SMTP port but 443 to send the email. Since Google claim their problem is IP reputation that method is great as it should leave no traces of the original IP when the email is received. Not the neatest solution but it works.

Best regards and hope it helps.

P.S. Remember to mark "is HTML" as yes in the advanced settings of the sending in the Flow you created.